ArmorIQ LogoArmorIQ SDK
Core Methods

invoke()

Executes an action on an MCP server with cryptographic verification.

client.invoke(
    mcp: str,
    action: str,
    intent_token: IntentToken,
    params: dict = None,
    merkle_proof: list = None,
    user_email: str = None
) -> MCPInvocationResult
await client.invoke(
  mcp: string,
  action: string,
  intentToken: IntentToken,
  params?: Record<string, any>,
  merkleProof?: Array<Record<string, any>>,
  userEmail?: string
): Promise<MCPInvocationResult>

Parameters

ParameterTypeRequiredDefaultDescription
mcpstrYes-MCP server name (e.g., "analytics-mcp")
actionstrYes-Action/tool to execute (must be in plan)
intent_tokenIntentTokenYes-Token from get_intent_token()
paramsdictNoAction parameters
merkle_prooflistNoAuto-generatedOptional Merkle proof
user_emailstrNoNoneOptional user email

Flow

  1. SDK generates Merkle proof for this action from plan
  2. SDK → ArmorIQ Proxy POST /invoke with CSRG headers:
    • X-API-Key: API key for authentication
    • X-CSRG-Path: Path in plan (e.g., /steps/[0]/action)
    • X-CSRG-Value-Digest: SHA256 hash of action value
    • X-CSRG-Proof: JSON Merkle proof array
  3. Proxy performs IAP Step Verification:
    • Validates Merkle proof against plan_hash
    • Verifies CSRG path matches plan structure
    • Checks value digest matches action
    • Verifies Ed25519 signature on token
  4. If verification passes, proxy routes to MCP server
  5. MCP executes action and returns result

Returns

{
    "success": bool,               # Whether action succeeded
    "data": any,                   # Response data from MCP
    "error": str,                  # Error message (if failed)
    "execution_time_ms": int,      # Execution duration
    "mcp": str,                    # MCP that executed
    "action": str                  # Action that ran
}
interface MCPInvocationResult {
  mcp: string;                  // MCP identifier
  action: string;               // Action that was invoked
  result: any;                  // Action result data
  status: string;               // Execution status
  executionTime?: number;       // Time taken (seconds)
  verified: boolean;            // Token verification status
  metadata: Record<string, any> // Extra metadata
}

Raises

  • VerificationError: If IAP Step Verification fails
  • TokenExpiredError: If token has expired
  • MCPError: If MCP execution fails
  • NetworkError: If request fails

Example

# Basic invocation
result = client.invoke(
    mcp="analytics-mcp",
    action="analyze",
    intent_token=token,
    params={"data": [1, 2, 3, 4, 5], "metrics": ["mean", "std"]}
)

if result["success"]:
    print(f"Results: {result['data']}")
    print(f"Took: {result['execution_time_ms']}ms")
else:
    print(f"Error: {result['error']}")

# With error handling
try:
    result = client.invoke("data-mcp", "fetch_data", token, {"source": "db"})

    if result["success"]:
        data = result["data"]
    else:
        logger.error(f"MCP error: {result['error']}")

except TokenExpiredError:
    # Get fresh token
    token = client.get_intent_token(plan)["token"]
    result = client.invoke("data-mcp", "fetch_data", token, {"source": "db"})

except VerificationError as e:
    # Action not in plan
    logger.error(f"Verification failed: {e}")
    # Need to recreate plan with correct actions

# Custom timeout
result = client.invoke(
    "analytics-mcp",
    "long_analysis",
    token,
    {"dataset": "large"},
    timeout=120  # 2 minutes
)
import { 
  ArmorIQClient, 
  TokenExpiredException, 
  IntentMismatchException 
} from '@armoriq/sdk';

// Basic invocation
const result = await client.invoke(
  'analytics-mcp',
  'analyze',
  token,
  { data: [1, 2, 3, 4, 5], metrics: ['mean', 'std'] }
);

console.log(`Results: ${JSON.stringify(result.result)}`);
console.log(`Took: ${result.executionTime?.toFixed(2)}s`);

// With error handling
try {
  const result = await client.invoke(
    'data-mcp',
    'fetch_data',
    token,
    { source: 'db' }
  );
  const data = result.result;
} catch (error) {
  if (error instanceof TokenExpiredException) {
    // Get fresh token
    const newToken = await client.getIntentToken(planCapture);
    const result = await client.invoke(
      'data-mcp',
      'fetch_data',
      newToken,
      { source: 'db' }
    );
  } else if (error instanceof IntentMismatchException) {
    // Action not in plan
    console.error(`Verification failed: ${error.message}`);
    // Need to recreate plan with correct actions
  }
}

// Sequential invocation from complete workflow
const result1 = await client.invoke('weather-mcp', 'get_weather', token, { city: 'Boston' });
console.log(`Boston weather: ${JSON.stringify(result1.result)}`);

const result2 = await client.invoke('weather-mcp', 'get_weather', token, { city: 'New York' });
console.log(`New York weather: ${JSON.stringify(result2.result)}`);

Policy Specification

Define authorization policies for intent tokens.

delegate()

Delegate authority to another agent with restricted permissions.

On this page

ParametersFlowReturnsRaisesExample